jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-05-21 19:44:16 +00:00
Code Issues Actions 12 Packages Projects Releases Wiki Activity

doc refactor: tls

Browse Source
This commit is contained in:
isaacs 2012-02-27 11:09:35 -08:00
parent c4d6c7f829
commit c9b35b9923
1 changed files with 17 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
doc/api/tls.markdown
View File

@ -1,4 +1,4 @@
## TLS (SSL) # TLS (SSL)
Use `require('tls')` to access this module. Use `require('tls')` to access this module.
@ -26,7 +26,9 @@ Alternatively you can send the CSR to a Certificate Authority for signing.
(TODO: docs on creating a CA, for now interested users should just look at (TODO: docs on creating a CA, for now interested users should just look at
`test/fixtures/keys/Makefile` in the Node source code) `test/fixtures/keys/Makefile` in the Node source code)
### Client-initiated renegotiation attack mitigation ## Client-initiated renegotiation attack mitigation
<!-- type=misc -->
The TLS protocol lets the client renegotiate certain aspects of the TLS session. The TLS protocol lets the client renegotiate certain aspects of the TLS session.
Unfortunately, session renegotiation requires a disproportional amount of Unfortunately, session renegotiation requires a disproportional amount of
@ -49,7 +51,9 @@ and tap `R<CR>` (that's the letter `R` followed by a carriage return) a few
times. times.
### NPN and SNI ## NPN and SNI
<!-- type=misc -->
NPN (Next Protocol Negotiation) and SNI (Server Name Indication) are TLS NPN (Next Protocol Negotiation) and SNI (Server Name Indication) are TLS
handshake extensions allowing you: handshake extensions allowing you:
@ -138,8 +142,8 @@ You can test this server by connecting to it with `openssl s_client`:
openssl s_client -connect 127.0.0.1:8000 openssl s_client -connect 127.0.0.1:8000
#### tls.connect(options, [secureConnectListener]) ## tls.connect(options, [secureConnectListener])
#### tls.connect(port, [host], [options], [secureConnectListener]) ## tls.connect(port, [host], [options], [secureConnectListener])
Creates a new client connection to the given `port` and `host` (old API) or Creates a new client connection to the given `port` and `host` (old API) or
`options.port` and `options.host`. (If `host` is omitted, it defaults to `options.port` and `options.host`. (If `host` is omitted, it defaults to
@ -232,6 +236,10 @@ and the cleartext one is used as a replacement for the initial encrypted stream.
`tls.createSecurePair()` returns a SecurePair object with `tls.createSecurePair()` returns a SecurePair object with
[cleartext](#tls.CleartextStream) and `encrypted` stream properties. [cleartext](#tls.CleartextStream) and `encrypted` stream properties.
## Class: SecurePair
Returned by tls.createSecurePair.
### Event: 'secure' ### Event: 'secure'
The event is emitted from the SecurePair once the pair has successfully The event is emitted from the SecurePair once the pair has successfully
@ -241,7 +249,7 @@ Similarly to the checking for the server 'secureConnection' event,
pair.cleartext.authorized should be checked to confirm whether the certificate pair.cleartext.authorized should be checked to confirm whether the certificate
used properly authorized. used properly authorized.
## tls.Server ## Class: tls.Server
This class is a subclass of `net.Server` and has the same methods on it. This class is a subclass of `net.Server` and has the same methods on it.
Instead of accepting just raw TCP connections, this accepts encrypted Instead of accepting just raw TCP connections, this accepts encrypted
@ -315,7 +323,7 @@ gets high.
The number of concurrent connections on the server. The number of concurrent connections on the server.
## tls.CleartextStream ## Class: tls.CleartextStream
This is a stream on top of the *Encrypted* stream that makes it possible to This is a stream on top of the *Encrypted* stream that makes it possible to
read/write an encrypted data as a cleartext data. read/write an encrypted data as a cleartext data.
@ -323,9 +331,9 @@ read/write an encrypted data as a cleartext data.
This instance implements a duplex [Stream](streams.html#streams) interfaces. This instance implements a duplex [Stream](streams.html#streams) interfaces.
It has all the common stream methods and events. It has all the common stream methods and events.
### Event: 'secureConnect' A ClearTextStream is the `clear` member of a SecurePair object.
`function () {}` ### Event: 'secureConnect'
This event is emitted after a new connection has been successfully handshaked. This event is emitted after a new connection has been successfully handshaked.
The listener will be called no matter if the server's certificate was The listener will be called no matter if the server's certificate was